Equifax
faces hundreds of class-action lawsuits and an SEC subpoena over the
way it handled its data breach

Equifax, the credit reporting firm, is facing more
than 240
class-action lawsuits from consumers — in addition to suits
from shareholders and financial institutions — over the way it
handled a massive data breach that affected 145.5 million Americans.

Looking at cybercriminal black markets and public
forums, the company found millions of usernames and passwords stolen
directly through hacking. It also uncovered
billions of usernames and passwords indirectly exposed in third-party
data breaches.

For one year, Google researchers investigated the
different ways hackers steal personal information and take over
Google accounts. Google published
its research, conducted between March 2016 and March 2017, on
Thursday.

… "One of the interesting things [we
found] was the sheer scale of information on
individuals that's out there and accessible to hijackers," Kurt
Thomas, security researcher at Google told CNN Tech.

Even if someone has no malicious hacking
experience, he or she could find all the tools they need on criminal
hacker forums.

I have some news: the
Internet of Things is a mess. A hacked refrigerator sounds slightly
scary, but a vibrator-controlling app that records all your sex
sounds and stores them on your phone without your knowledge? That's
way worse.

Today, a Reddit
user pointed out that Hong Kong-based sex toy company Lovense's
remote control vibrator app (Lovense
Remote) recorded a use session without their knowledge. An audio
file lasting six minutes was stored in the app's local folder. The
user says he or she gave the app access to the mic and camera but
only to use with the in-app chat function and to send voice clips on
command — not constant recording when in use. Other users
confirmed this app behavior, too.

Perspective. Some of my students don’t
understand how companies like Lyft can operate for years without
making a profit.

… A major investor is projecting Lyft will
have boosted its share of U.S. ride-hailing business some 61 percent
by the end of the year, climbing to about a third of the market. The
gains come as market-leader Uber’s reputation is in tatters
following a string of scandals that culminated with the resignation
of its chief executive officer in June.

… The document shows that Lyft projected it
would escape the red for the first time next year. The San
Francisco-based company was forecasting that its earnings, excluding
expenses such as taxes and interest, would increase to $500 million
in 2019 and $1 billion in 2020. However, Lyft has been spending at a
faster rate than expected to take advantage of Uber’s weaker
position and now is telling investors the company won’t break even
by the end of next year, said the people who asked not to be
identified discussing private financial information.

This year, Lyft is on pace for $1.5 billion in net
revenue -- the amount of money it generates after paying drivers --
on losses of $400 million, according to the document, which was
prepared at the end of the second quarter.

Whether it’s to
“bring the world closer together” or improve its public image,
Facebook today
announced Community
Boost. Facebook tells me it’s investing tens of millions of
dollars into the program that will travel to 30 cities around the
U.S. in 2018. It will teach digital job skills to the unemployed,
internet literacy to those just getting online, startup methodology
to entrepreneurs and customer growth to small business owners.

Unsurprisingly, though, all these skills revolve
around Facebook, which Facebook clearly thinks is the key to a better
life. Stops on the tour include Houston, St. Louis, Albuquerque, Des
Moines and Greenville, South Carolina — which are conspicuously
all red states that voted for Trump in the 2016 election.
Perhaps Facebook hopes to reduce unemployment that led to the
dissatisfaction with current political systems which landed us Trump.

Friday, November 10, 2017

Customer data that was compromised during a
massive breach of Equifax's systems was not encrypted, the company's
ex-CEO told a congressional committee Tuesday.

During a three-hour hearing
before the House Energy and Commerce Committee, Richard
Smith blamed the massive hack on a combination of failed technology
and human error. [Neither
excuse explains why nothing was encrypted. Bob]

… Then, responding to a question from Rep.
Adam Kinzinger, R-Illinois, Smith said the data was "not
encrypted."

“To this day, we have still not been able to
identify the intrusion that led to the attack,” Mayer said. Yahoo
had a separate data breach in 2014, which
the Justice Department in March said was the work of Russian
government spies. That breach impacted some 500 million Yahoo
accounts.

The testimony that Yahoo doesn’t know who
instigated the 2013 breach was “more than a little disconcerting,”
said Rick McElroy, a security strategist at the firm Carbon Black.
The incidence of two breaches in such quick succession shows “a
long period of time with no knowledge of what was happening when with
their systems,” McElroy said.

What’s more, Mayer’s testimony also showed
that companies are essentially competing in an arms race against bad
actors, said Jeff Dennis, a managing partner and lead in the
cybersecurity practice of Newmeyer & Dillion, a law firm based in
Newport Beach, Calif. “Even Yahoo’s allegedly robust defenses
were not enough in a fight with a foreign nation state, to ward off
this type of attack,” he said.

Screencasting is a fast and easy way to capture
what is happening on your screen along with your voice or video of
you speaking. Teachers can use screencasts to create self-paced
lessons for students, tutorials, and supplements to sub plans.
Students can use screencasting to tell stories or demonstrate their
understanding of a topic or concept. There really are no limitations
on how screencasting can be used in schools.

There are quite a few screencasting apps available
and sometimes it is difficult to figure out which one to use. My
advice is to try out a couple of different ones to see which one you
are most comfortable with. All of these are free and some allow you
to access additional features for no additional cost by referring
friends and colleagues. All of them work nearly the same way.

Thursday, November 09, 2017

Senate Commerce Committee Hearing – Protecting
Consumers in the Era of Major Data Breaches – November 8, 2017:
“…“Massive
data breaches have touched the vast majority of American
consumers,” said [Senator John] Thune [R- S.D.]. “When such
breaches occur, urgent action is necessary to protect sensitive
personal information. This hearing will give the public the
opportunity to hear from those in charge, at the time major breaches
occurred and during the subsequent response efforts, at two large
companies who lost personal consumer data to nefarious actors.”

Washington
Post – “The hearing into the data breaches — the fifth so
far — featured testimony
from current and former officials from Equifax, Yahoo and
Verizon, and added to the uproar about the company’s policies and
its response to the breach. In one notable exchange, Sen. Catherine
Cortez Masto (D-Nev.) asked the interim chief executive officer of
Equifax, Paulino do Rego Barros, why consumers do not have a say in
opting in or out of the company’s data collection. “This is part
of the way the economy works,” Barros said. But he was swiftly
interrupted. “The consumer doesn’t have a choice, sir.
The consumer does not have a choice on the data that you’re
collecting,” Masto said…” [emphasis added]

See
also – Testimony
and Statement for the Record of Bruce Schneier,
Fellow and Lecturer, Belfer Center for Science and International
Affairs, Harvard Kennedy School Fellow, Berkman Center for Internet
and Society at Harvard Law School. Hearing on “Securing
Consumers’ Credit Data in the Age of Digital Commerce” Before the
Subcommittee on Digital Commerce and Consumer Protection Committee on
Energy and Commerce United States House of Representatives. 1
November 2017.

The Building Security In Maturity Model (BSIMM,
pronounced “bee simm”) is a study of existing software security
initiatives. By quantifying the practices of many different
organizations, we can describe the common ground shared by many as
well as the variations that make each unique.

BSIMM is not a how-to guide, nor is it a
one-size-fits-all prescription. Instead, it is a reflection of
software security.

Another legal wrangle, and an indication of poor
crime scene procedure when phones are involved.

The FBI
can't figure out how to unlock the Texas church shooter's iPhone, and
Apple has offered help

Another fight between Apple and the FBI is
brewing, this time over an iPhone reportedly used by Devin Patrick
Kelley, the man who went on a shooting rampage on Sunday that left 26
people dead at a church in Sutherland Springs, Texas.

… Apple told Business Insider that it
contacted the FBI after it saw the press conference on Tuesday.

"Our team immediately reached out to the FBI
after learning from their press conference on Tuesday that
investigators were trying to access a mobile phone. We offered
assistance and said we would expedite our response to any legal
process they send us," an Apple representative said in a
statement.

… The Apple representative went on to confirm
that law enforcement had not yet asked for any help from Apple
accessing data on Kelley's phone.

The implication is that had law enforcement
contacted Apple sooner, it would have received tips and guidance that
could have helped it preserve access to the data on Kelley's phone.

For example, as a security measure, the
fingerprint sensor on iPhones won't work if the user hasn't used it
in the past 48 hours. That suggests that for the two days after the
rampage and after Kelley's death, but before the press conference,
law enforcement could have used Kelley's actual finger or a copy of
his fingerprint to access his phone.

Okay, this is the kind of ruling I especially
dislike. Law.com reports:

Glassdoor Inc., the online job-review
site, must comply with a federal grand jury subpoena that seeks
identifying information about anonymous users of the website, a
federal appeals court ruled Wednesday in rejecting the
company’s privacy claims.

A panel of the U.S. Court of Appeals for
the Ninth Circuit upheld an Arizona trial judge who had denied
Glassdoor’s effort
to quash the grand jury subpoena. The government is
seeking information about eight users who posted anonymous reviews
about a federal health care contractor under investigation for fraud.

San Francisco-based Glassdoor,
represented by a team from Perkins
Coie, argued that complying
with the subpoena would violate its users’ First Amendment rights
to anonymous free speech and to associate privately with a group, a
concept known as “associational privacy.”

And no, I still have no resolution on a grand jury
subpoena issued to Twitter for my details and the details of a few
lawyers because we were all tagged with an emoji in a tweet by Justin
Shafer. Shafer has been charged with cyberstalking an FBI agent in
Dallas. I was not even in any conversation with Shafer on Twitter,
but for reasons known only to him, he added me to a conversation and
tweeted a smiley to me and others. No words. Just a smiley. And
this justifies a grand jury trying to unmask me on Twitter? Wow….

Once
considered a boon to democracy, social media have started to look
like its nemesis

The
Economist – “…Looking at the role that social media have
played in politics in the past couple of years, it is the fake-news
squalor of Gamergate, not the activist idealism of the Euromaidan,
which seems to have set the tone. In Germany the far-right
Alternative for Germany party won 12.6% of parliamentary seats in
part because of fears and falsehoods spread on social media, such as
the idea that Syrian refugees get better benefits than native
Germans. In Kenya weaponised online rumours and fake news have
further eroded trust in the country’s political system….”

Perspective. Companies will spend a lot of money
to protect a monopoly.

… Fort Collins voters said "yes" to
a ballot question that gives the city council permission "to
establish a telecommunications utility to provide broadband
services," The Coloradoan wrote.

… The anti-municipal broadband group, called
"Priorities First Fort Collins," spent $451,000 campaigning
against the broadband network ballot question. Priorities First Fort
Collins received nearly all of its funding from the Colorado Cable
Telecommunications Association and a group run by the city's chamber
of commerce. Comcast is a member of both groups that funded the
anti-municipal broadband campaign, while CenturyLink is a member of
the chamber.

The pro-municipal broadband group in Fort Collins,
the Fort Collins Citizens Broadband Committee, spent less than
$10,000 in the campaign.

… Colorado has a state
law requiring municipalities to hold referendums before they can
provide cable, telecom, or broadband service. Yesterday, voters in
Eagle
County and Boulder
County authorized their local governments to build broadband
networks, "bringing the total number of Colorado counties that
have rejected the state law to 31—nearly half of the state's 64
counties," Motherboard
wrote today.

The driverless electric shuttle bus that made its
debut downtown Wednesday was involved in a minor accident in its
first few hours of service, but the human driver of the other vehicle
was at fault, police said.

… Police determined that the shuttle came to a
stop when it sensed the truck was trying to back up. However, the
truck continued to back up until its tires touched the front of the
shuttle.

Some people think autonomous vehicles must be
nearly flawless before humans take their hands off the wheel. But
RAND research shows that putting AVs on the road before they’re
perfect improves the technology more quickly—and could save
hundreds of thousands of lives over time.

Better get that fence up quick! {Does the agent
in this picture have a hand grenade clipped to his vest?}

The U.S. Border Patrol is losing agents faster
than it can hire them, according to a new audit released Wednesday
that said competition with other federal law enforcement and the
difficulty of passing a
polygraph test have sapped the agency of nearly 2,000
agents it’s supposed to have.

More than 900 agents leave each year on average
but the Border Patrol only hires an average of 523 a year, the
Government
Accountability Office said in a broad survey of staffing and
deployment challenges at the key border law enforcement agency.

Library
of Congress: “The papers of Abraham Lincoln (1809-1865),
lawyer, representative from Illinois, and sixteenth president of the
United States, contain approximately 40,550 documents dating from
1774 to 1948,
although most of the collection spans from the 1850s through
Lincoln’s presidency (1861-1865). Roughly half of the collection,
more than 20,000 documents, comprising 62,000 images, as well as
transcriptions of approximately 10,000 documents, is online.

… Treasures in the collection include
Lincoln’s first and second inaugural addresses, his preliminary
draft of the Emancipation Proclamation, the two earliest known copies
of the Gettysburg Address (the Nicolay and Hay copies), his August
23, 1864, memorandum expressing his expectation of being defeated for
re-election in the upcoming presidential contest, and a condolence
letter written to Mary Todd Lincoln by Queen Victoria following the
assassination of Abraham Lincoln in 1865. The Lincoln Papers are
characterized by a large number of correspondents, including friends
and associates from Lincoln’s Springfield days, well-known
political figures and reformers, and local people and organizations
writing to their president…”

Resume
Assistant will detect that you're writing a résumé and
offer insights and suggestions culled from LinkedIn.

… The feature will also show job openings that
are suitable for your résumé directly within Word, putting résumé
writers directly in contact with recruiters.

… The Resume Assistant will become available
to Office 365 users that have opted in to the Insider early access
program on Thursday. ... Microsoft will then roll it out to other
Office 365 users more broadly over the next few months.

If you do a search
for Amazon S3 breaches due to customer error of leaving the data
unencrypted, you’ll see a long list that includes a DoD
contractor, Verizon
(the owner of this publication) and Accenture,
among the more high profile examples. Today, AWS
announced a new set of five tools designed to protect customers
from themselves and ensure (to the extent possible) that the data in
S3 is encrypted and safe.

For starters, the company is giving the
option of default encryption. [But
not encryption by default? Forcing the client to override “best
practice” Bob]

… Amazon is putting a signal front and center
on the administrative console that warns admins with a prominent
indicator next to each S3 bucket that
has been left open to the public. [But
not private by default? Bob]

… Finally, should all else fail, there is a
report, which includes the encryption status of each object in S3.
Of course, you have to read
it, but it’s there as an additional tool in the battle
against human error. [No
doubt the Auditors will want a copy. Bob]

My Computer Security students have been discussing
how to hack an election.

This can’t be right. There are a few hundred
questions I might ask before I would consider recommending this. Why
not have the “hash” created on the victim’s computer? Will
they accept video from children? Won’t a man-in-the-middle attack
siphon off every photo or video?

Facebook’s
unorthodox new revenge porn defense is to upload nudes to Facebook

Facebook is testing a new
preemptive revenge porn
defense in Australia that may, at first blush, feel
counterproductive: uploading your nude photos or videos directly to
Messenger. According
to the Australian Broadcasting Corporation, Facebook has
partnered with the office of the Australian government’s e-Safety
Commissioner, which works primarily to prevent the online abuse
of minors, to develop the new system for combating the nonconsensual
sharing of explicit media.

By uploading the images or
videos you fear may be shared in the future in an attempt to shame or
harass you online, Facebook can digitally “hash” the media,
effectively giving it a digital footprint. This allows the social
network to track the media using the same artificial
intelligence-based technologies it uses in its photo and face
matching algorithms, and then prevent it from being uploaded and
shared in the future. This
works only if you’re in possession of the original file,
but it would seem to bypass any attempts from a malicious third party
to alter the metadata by analyzing and tagging the actual content of
the image or video.

Facebook first implemented a
similar, although less preemptive, mechanism for preventing the
proliferation of revenge porn back
in April, with the implementation of a photo-matching system to
prevent the spread of images that have already been reported and
taken down. The company has also liberally
banned accounts for revenge porn activities. But now Facebook
seems to be asking users to think ahead and play it safe if they feel
particularly vulnerable, which could be the case in a relationship
that becomes abusive over time or only after it’s ended.
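
The question raised above, whether the "hash" could be created on the user's own computer, can be made concrete with an added example (not from the article, and not Facebook's actual algorithm, which the article does not describe). It uses a simple 64-bit average hash as a stand-in, on constructed test images; the match threshold and all function names are assumptions.

```python
import hashlib

MATCH_THRESHOLD = 8  # assumed: max differing bits (of 64) still treated as a match


def make_image(brightness=0, noise=False, invert=False):
    """Constructed 16x16 grayscale test image (a diagonal gradient)."""
    rows = []
    for y in range(16):
        row = []
        for x in range(16):
            value = 8 * x + 6 * y
            if invert:
                value = 210 - value              # a visually different picture
            if noise:
                value += (x * 7 + y * 3) % 5 - 2  # deterministic +/-2 jitter
            row.append(max(0, min(255, value + brightness)))
        rows.append(row)
    return rows


def average_hash(pixels):
    """64-bit average hash: shrink to 8x8 by block averaging, then set one
    bit per cell that is brighter than the mean of all cells."""
    block = len(pixels) // 8
    cells = []
    for by in range(8):
        for bx in range(8):
            total = sum(pixels[by * block + dy][bx * block + dx]
                        for dy in range(block) for dx in range(block))
            cells.append(total / (block * block))
    mean = sum(cells) / len(cells)
    bits = 0
    for cell in cells:
        bits = (bits << 1) | (1 if cell > mean else 0)
    return bits


def hamming(a, b):
    """Number of bit positions in which two hashes differ."""
    return bin(a ^ b).count("1")


def file_digest(pixels, metadata=b""):
    """SHA-256 over metadata plus pixel bytes: an exact-match fingerprint."""
    raw = metadata + bytes(v for row in pixels for v in row)
    return hashlib.sha256(raw).hexdigest()


def is_match(submitted_hash, candidate_pixels):
    """Service-side check on a later upload. It needs only the hash that
    was submitted, never the original image."""
    return hamming(submitted_hash, average_hash(candidate_pixels)) <= MATCH_THRESHOLD


if __name__ == "__main__":
    original = make_image()
    # Same picture, re-saved brighter with slight noise and new metadata.
    altered = make_image(brightness=10, noise=True)
    unrelated = make_image(invert=True)

    local_hash = average_hash(original)  # computed on the user's machine
    print("only this would be sent:", format(local_hash, "016x"))
    print("exact digests equal:",
          file_digest(original, b"meta-a") == file_digest(altered, b"meta-b"))
    print("altered copy blocked:", is_match(local_hash, altered))
    print("unrelated image blocked:", is_match(local_hash, unrelated))
```

A cryptographic digest fails as soon as metadata or a single pixel changes, which is why content-based matching is needed; the trade-off is that any perceptual hash can produce false matches, so the threshold has to be tuned.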

Facebook doesn’t just know too much about you —
it allows other people to know too much about you! The
social network’s privacy settings are so complicated that we
managed to write a
4,500-word guide about them and still didn’t manage to cover
everything.

Did you
know you can use a secret URL to see the entire Facebook history of
any two people on the network? (For people you aren’t friends
with, it’ll only show their publicly-available interactions.)

(Related) Maybe this social media stuff is really
hard? How would you do it?

A Facebook test that promoted comments containing
the word fake to the top of news feeds has been criticised by users.

The trial, which Facebook says has now concluded,
aimed to prioritise "comments that indicate disbelief".

It meant feeds from the BBC, the Economist, the
New York Times and the Guardian all began with a comment mentioning
the word fake.

The test, which was visible only to some users,
left many frustrated.

The comments appeared on a wide range of stories,
from ones that could be fake to ones that were clearly legitimate.
The remarks, which would appear at the top of the comments section,
came from a variety of people but the one thing that they had in
common was the word fake.

"Clearly Facebook is under enormous pressure
to tackle the problem of fake news, but to question the veracity of
every single story is preposterous," said Jen Roberts, a
freelance PR consultant.

"Quite the reverse of combating
misinformation online, it is compounding the issue by blurring the
lines between what is real and what isn't. My Facebook feed has
become like some awful Orwellian doublethink experiment."

Cryan has warned repeatedly that technology will
allow big savings across his sprawling empire, and recent media
reports suggest he’s under increasing pressure from shareholders to
deliver, having also suspended the bank’s regular dividend.

… “We’re too manual, which can make you
error-prone and it makes you inefficient. There’s a lot of machine
learning and mechanisation that we can do,” Cryan said.

… Cryan told the FT that further
branch closures and cooperation
with rivals in the area of crime prevention and detection
were also areas where savings can be made. “Every bank at the
moment has a huge and burgeoning department of people who are doing
the same stuff,” he said. “It’s
not a source of competitive advantage and you’re exposed to making
your own mistakes.”

Tuesday, November 07, 2017

A new phishing email scam is targeting millions of
Netflix
subscribers. The email scam is designed to trick Netflix users into
thinking their accounts are in danger of suspension, which means that
any subscribers worried about having their latest Stranger Things
binge interrupted could be in danger of falling prey to a scheme
seeking their personal and credit card information.

According to Deadline,
the new scam has already
targeted roughly 110 million Netflix subscribers with
phishing emails disguised as official correspondence from Netflix
warning users that their accounts could be suspended if their billing
information is not updated. The emails include a link to a fake
Netflix page that asks users to enter log-in details and, eventually,
updated personal and billing information.

The ethics of reporting the details of stolen data
seem to depend on how interesting it is.

Following
the huge 2016 leak of documents stolen from Panamanian firm Mossack
Fonseca (aka, the Panama
Papers), the expected analyses of documents stolen more recently
from the Appleby law firm (aka, the Paradise
Papers) has begun. The route is the same in both cases -- the
German newspaper Suddeutsche Zeitung obtained the stolen documents
from an anonymous source (possibly the hacker, or via a third party),
and passed them to the International Consortium of Investigative
Journalists (ICIJ).

The
ICIJ then worked with 95 media partners to explore a total of 13.4
million documents comprising those stolen from Appleby together with
other documents from the smaller family-owned trust company,
Asiaciti, and from company registries in 19 secrecy jurisdictions.

… "While
the mechanics of the breach itself have yet to be revealed, this was
clearly a targeted attack," comments Mark Sangster, VP and
industry security strategist at eSentire. "Appleby took
appropriate response steps in notifying their clients; but you can't
insure [against] this. This class of events demonstrates why law
firms must protect their clients' confidential information. No
amount of cyber insurance, data back strategies, nor business
continuity planning can ever put this genie back in the bottle."

Incident
response is relatively meaningless if no incident is detected -- or
not, as in this case, detected until too late.

Every
year there are reports and surveys
which make the case that security inhibits innovation, productivity
and generally holds businesses back. I am not going to argue with
that sentiment. Security requires that things are done in a certain
manner, which can act as a constraint on wanting to do things a
different way. What I do want to address is the notion that this is
the case because security people just don’t get business. It’s
actually the reverse – businesses do not get security. And this
misconception is based on several fallacies, false beliefs and myths.

The
first myth is that security is an add-on cost.

The
second myth is that security can be bolted on after the fact.

The
greatest myth of all is that security people should make security
easy.

As an Auditor or as a Security Manager, I would
like some of these metrics. But I only want to see them when
something changes significantly.

… To monitor productivity, software can
measure proxies such as the number of emails being sent, websites
visited, documents and apps opened and keystrokes. Over time it can
build a picture of typical user behaviour and then alert
when someone deviates.

“If it’s normal for you to send out 10 emails,
type 5,000 keystrokes and be active on a computer for three hours a
day, if all of a sudden you are only active for one hour or typing
1,000 keystrokes, there seems to be a dip in productivity,” said
Miller.

“Or if you usually touch 10 documents a day and
print two and suddenly you are touching 500 and printing 200 that may
mean you’re stealing documents in preparation of leaving the
company.”
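
The baseline-and-deviation approach described in this excerpt, as an added example (not from the article or any monitoring product): it builds a per-user baseline from constructed daily counts centred on the quoted figures and reports only significant changes. Metric names, the sample data, the 5% spread floor and the 3-sigma threshold are assumptions.

```python
from statistics import mean, pstdev

METRICS = ("emails", "keystrokes", "active_hours", "docs_touched", "pages_printed")

# Constructed sample: ten ordinary working days for one user, centred on the
# figures quoted above (10 emails, 5,000 keystrokes, 3 hours active,
# 10 documents touched, 2 printed).
HISTORY = [dict(zip(METRICS, row)) for row in [
    (9, 4800, 3.0, 10, 2),
    (10, 5000, 2.8, 9, 2),
    (11, 5200, 3.2, 11, 3),
    (10, 5100, 3.0, 10, 1),
    (12, 4900, 3.1, 12, 2),
    (10, 5000, 2.9, 8, 2),
    (9, 5300, 3.0, 10, 2),
    (10, 4700, 3.3, 10, 3),
    (11, 5000, 2.7, 11, 2),
    (10, 5000, 3.0, 9, 1),
]]


def build_baseline(history):
    """Per-metric (centre, spread) learned from a user's own history."""
    baseline = {}
    for metric in METRICS:
        values = [day[metric] for day in history]
        centre = mean(values)
        # Floor the spread at 5% of the mean so a very steady user does not
        # generate alerts on trivial day-to-day wobble.
        spread = max(pstdev(values), 0.05 * abs(centre), 1e-9)
        baseline[metric] = (centre, spread)
    return baseline


def deviations(baseline, day, threshold=3.0):
    """Return (metric, direction, z-score) for each metric that moved at
    least `threshold` spreads away from the user's baseline."""
    alerts = []
    for metric, (centre, spread) in baseline.items():
        z = (day[metric] - centre) / spread
        if abs(z) >= threshold:
            alerts.append((metric, "spike" if z > 0 else "drop", round(z, 1)))
    return alerts


def triage(alerts):
    """Map raw deviations onto the two scenarios described in the article."""
    drops = {m for m, direction, _ in alerts if direction == "drop"}
    spikes = {m for m, direction, _ in alerts if direction == "spike"}
    if {"docs_touched", "pages_printed"} & spikes:
        return "review: unusual document access or printing volume"
    if {"keystrokes", "active_hours"} & drops:
        return "info: activity well below baseline"
    return "review: other deviation" if alerts else "no alert"


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # Constructed test days matching the two quoted scenarios.
    quiet_day = dict(zip(METRICS, (10, 1000, 1.0, 10, 2)))
    bulk_day = dict(zip(METRICS, (10, 5000, 3.0, 500, 200)))
    for label, day in (("quiet", quiet_day), ("bulk", bulk_day)):
        found = deviations(baseline, day)
        print(label, found, "->", triage(found))
```

Ordinary days from the history produce no output at all, which is the "only when something changes significantly" behaviour an auditor or security manager would want from such metrics.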

Politicians are not held to the same standard as
CEOs. If a CEO does not know what is happening in his company, he is
still responsible for it. No politician will accept responsibility
for anything that may cost them votes.

The FBI
originally planned to say that Hillary
Clinton was “grossly negligent” in her handling of secret
emails, a top senator said Monday, revealing early drafts of the
statement that James
B. Comey drew up as FBI
director.

… Gross negligence would seem to be a high
enough standard to have prosecuted Mrs.
Clinton — though Mr.
Comey ended up not recommending charges, saying
that while the former first lady, senator and top diplomat was
clueless, he couldn’t prove she knew how badly she was risking
national security.

… In an original statement that Mr.
Grassley says appears to have been drafted May 2, Mr.
Comey said there was “evidence to support a conclusion that
Secretary Clinton,
and others, used the private email server in a manner that was
grossly negligent with respect to the handling of classified
material.”

He also wrote in that draft that “the sheer
volume of information that was properly classified as Secret at the
time it was discussed on email (that is, excluding the ‘up
classified’ emails) supports an inference that the participants
were grossly negligent in their handling of that information.”

By June 10, those sentences were deleted and Mr.
Comey wrote: “Although we did not find clear evidence that
Secretary Clinton
or her colleagues intended to violate laws governing the handling of
classified information, there is evidence that they were extremely
careless in their handling of very sensitive, highly classified
information.”

McConnell:
Tech companies could help US 'retaliate against the Russians'

… “What we ought to do with regard to the
Russians is retaliate, seriously retaliate against the Russians,”
McConnell told MSNBC’s Hugh Hewitt on Saturday. “These tech
firms could be helpful in giving us a way to do that.”

McConnell did not elaborate on what that
retaliation might look like.

Interesting argument. It’s not a violation of
the law because it tracks a vehicle, not a person.

The Rutherford Institute has asked the
Virginia Supreme Court to prohibit police from using license plate
readers as mass surveillance tools to track citizens whether or not
they are suspected of a crime. In filing an amicus brief in Neal
v. Fairfax County Police Department, Rutherford Institute
attorneys argue that Fairfax County’s practice of collecting and
storing license plate reader data violates
a Virginia law prohibiting the government from amassing
personal information about individuals, including their driving
habits and location.

This may be one of those “the-road-to-Hell”
stories. Joe Cadillic sent it along and we are both of the opinion
that regardless of any good intentions, this
is not a good idea.

Meaghan Ybos reported:

Nearly 70 victims of domestic violence
and rape in Memphis are wearing GPS devices thanks to the city’s
Sexual Assault Kit Taskforce, according to its monthly progress
report published in October.

[…]

The GPS devices, which are tracked in
real time, “provide an extra measure of safety by alerting victims
when alleged perpetrators out on bond come within a certain range of
victims who voluntarily wear the device,” taskforce leader Dewanna
Smith told me in an October 23 e-mail.

Yeah…. no….. if a victim really wants to wear
the device, then I guess that’s their right and decision, assuming
that they have been fully informed of how data are collected and
stored and what THEIR data may be used for and by whom. But
otherwise, this strikes me as a pretty bad idea.

And does the perpetrator get a signal that they
have gotten too close to their victim? Does a loud alarm on their
monitor start shrieking at them? And if so, could that actually help
a perpetrator find their victim if they were looking for them?

There’s too much wrong with this. Joe: jump in
with your thoughts, please. I tend to agree with this statement in
the story:

“If somebody accused of rape is enough of a risk that a victim
would need to wear a safety monitoring device,” said Carrie
Goldberg, a New York civil
rights attorney and pioneer
in the field of sexual privacy, “then
perhaps it would make more sense to rethink that [perpetrator’s]
being on the streets in the first place.”

Teachers in one Oregon school district
who fail to report the sexual activity of their students could be at
risk of being fined or losing their jobs.

The Salem-Keizer district officials told
teachers that if they hear about their students having sex they must
report it to law enforcement or Department of Human Services
officials. District officials say they are just following state law
that has put them in a bind with their students.

And here we have yet another horrible idea/law.
Schools should be creating an environment where it is safe for
students to share information with school personnel. These types of
snitch laws work against that.

… One night in the summer of 2015, over
Sichuan at Han Dynasty on 85th Street, Cogan asked Horwitz for advice
about his latest notion: selling contact lenses online. The contacts
business was dominated by a handful of companies like Johnson &
Johnson and Bausch & Lomb, which seemed to charge whatever they
wanted — at least in Cogan’s view, based on the price increases
for his own lenses. Surely a low-cost competitor could tempt away
customers

There are two very different pictures of the
students roaming the hallways and labs at New York University’s
Tandon School of Engineering.

At the undergraduate level, 80 percent are United
States residents. At the graduate level, the number is reversed:
About 80 percent hail from India, China, Korea, Turkey and other
foreign countries.

… The dearth of Americans is even more
pronounced in hot STEM fields like computer science, which serve as
talent pipelines for the likes of Google, Amazon, Facebook and
Microsoft: About 64 percent of doctoral candidates and almost 68
percent in master’s programs last year were international students,
according to an annual
survey of American and Canadian universities by the Computing
Research Association.

Yet another PowerPoint competitor? There is a
free limited EDU option.

Joomag
is a platform which allows users to design and publish professional
looking publications. It contains hundreds of templates which can be
used to create the perfect foundation for your publication.
Incorporate videos and music directly from popular platforms like
YouTube, Vimeo, and Soundcloud or upload these types of files
directly from your computer. Create customized slideshows using your
own images or from Getty Images. This platform also incorporates an
image editor. Joomag publications can be embedded on websites and
shared easily on social media channels.

Sunday, November 05, 2017

Wells Fargo & Co. added $1 billion in the
third quarter to what it says the bank may face in possible legal
expenses.

Legal costs could potentially be $3.3 billion more
than what the San Francisco-based bank has reserved, Wells Fargo said
Friday in a regulatory filing. While that figure was unchanged from
the previous three-month period, it constitutes a $1 billion increase
because Wells Fargo moved a similar amount into legal reserves during
the period.

The bank announced
a surprise $1 billion charge in the third quarter for a
previously disclosed regulatory investigation into its pre-financial
crisis mortgage activity when it reported third quarter earnings.
Banks typically move funds into an accrual when they determine a cost
is no longer “reasonably possible” and instead becomes probable.

(Related). A new risk for managers who don’t
know what is happening in their corporations? I hope so!

It’s distressingly common for directors of
public companies to skate away from liability when corporate
misconduct occurs on their watch. That’s why a recent ruling by a
federal judge hearing two cases against Wells Fargo’s officers and
directors is both unusual and welcome.

The cases were filed against the bank by
shareholders seeking to recover losses that were sustained, they say,
in the wake of Wells Fargo’s widespread creation of fake or
unauthorized accounts — a scandal that has besieged the bank, hurt
its shares and caused the ouster
of its chief executive last year.

The defendants in the case
recently ruled on by the judge are 15 current or former directors and
four current or former officers. It is a so-called derivative
action, brought on behalf of Wells Fargo on the grounds that it was
harmed by the improprieties.

The officers named in the suit include Timothy J.
Sloan, Wells Fargo’s current chief executive, and Carrie Tolstedt,
the former senior executive vice president of the community banking
unit where the account-opening improprieties originated. The
defendants had asked the judge to dismiss the case; among their
arguments was a claim that the plaintiffs had not presented enough
specificity on what each defendant had done wrong.

But Jon
S. Tigar, the judge hearing the cases in United States District
Court in San Francisco, disagreed. In early October, he allowed the
case to go forward so the plaintiffs would have a chance to prove
their allegations.

While that may
seem an incremental and mostly procedural step, legal experts not
involved in the case said Judge
Tigar’s ruling sent a clear message to public company officers and
directors: be vigilant for bad behavior in your operations, or else.

Senior management needs better ears. Sometimes
the low level worker can see the forest despite all the trees.

Trump's
account was deactivated after years of employees warning Twitter

Last night, a rogue Twitter
employee celebrated their last day with the company by deactivating
President Donald Trump’s account. In response, Twitter said it
has “implemented
safeguards to prevent this from happening again.” But the
company declined to offer any explanation for how it would restrict
access to tools that have been accessible to a range of Twitter
employees, including contractors. Former employees say the company
has known about the risks of rogue employees for years — and that
Trump’s 11-minute deactivation isn’t the first time an employee
targeted an account on their way out of the company.

… An Associated Press investigation into the
digital break-ins that disrupted the U.S. presidential contest has
sketched out an anatomy of the hack that led to months of damaging
disclosures about the Democratic Party’s nominee. It wasn’t just
a few aides that the hackers went after; it was an all-out blitz
across the Democratic Party. They tried to compromise Clinton’s
inner circle and more than 130 party employees, supporters and
contractors.

… The rogue messages that first flew across
the internet March 10 were dressed up to look like they came from
Google, the company that provided the Clinton campaign’s email
infrastructure. The messages urged users to boost their security or
change their passwords while in fact steering them toward decoy
websites designed to collect their credentials.

… Gregory DeAngelo, an economist at the
University of West Virginia, scraped 17 years’ worth of data from
The Erotic Review, a website that is like the Yelp for illegal sex
services. The dataset features about 1.1 million reviews, which
contain extremely detailed descriptions of encounters, time spent,
features of the sex worker, and price. According to data on the
site, average inflation-adjusted hourly rates increased 38% between
2000 and 2015.

In spite of nearly universal agreement that
artificial intelligence promises revolutionary
benefits, Gartner recently found that almost 60 percent of
organizations surveyed have yet to take advantage of these benefits.
Perhaps even more surprisingly, only a little more than 10 percent of
surveyed businesses have deployed or implemented any AI solution at
all.

Further confirmation of this gap between AI’s
promise and enterprises’ ability to implement it is the finding
that close to half of the surveyed organizations stated that they
prefer to buy pre-packaged AI solutions or use AI capabilities
already embedded in their applications.

… A vital factor driving the preference for
pre-packaged AI or AI-embedded applications is that few businesses
have the in-house skills to enact a custom solution themselves.

Gartner’s analysis has concluded that this
skills gap is the most significant barrier to AI
adoption.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.